SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks

Cybersecurity researchers have discovered five vulnerabilities in SAP AI Core cloud-based platform, named SAPwned, which could be exploited to access customer data and tokens. These vulnerabilities make it possible to gain unauthorized access to customers’ private data and modify Docker images, thereby causing supply chain attacks. The security firm responsible for the discovery, Wiz, says this threat arises due to the platform’s lack of robust isolation and sandboxing mechanisms. Following responsible disclosure in January 2024, SAP addressed the weaknesses in May 2024.